• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Mobility   »   Study: Majority of mobile applications compromised by hacking

Study: Majority of mobile applications compromised by hacking

  • Posted on:August 28, 2012
  • Posted in:Mobility
  • Posted by:
    Trend Micro
0

Advances in mobile technologies have introduced a number of new benefits to the enterprise, allowing employees to be more flexible and access mission-critical applications and solutions from virtually anywhere. On the flipside, the rapid evolution of the mobile landscape has introduced a significant amount of security issues that many developers and companies were not prepared for.

The latter sentiment was echoed in a new study by Arxan Technologies, which revealed that more than 90 percent of the top 100 paid mobile applications have been compromised by hacking.

"We envision a thriving app economy with freedom and confidence to innovate and distribute new apps," said Jukka Alanen, vice president at Arxan Technologies and author of the report. "However, this potential is being threatened by hackers and most enterprises, security teams and app developers are not prepared for these attacks."

Threats are lurking in the midst of abundant mobile applications

The proliferation of smartphones, tablets and other mobile devices in the enterprise has given way to an app-centric environment in which decision-makers and employees alike are obsessed with the use of next-generation solutions. Since nearly everyone wanted to get a piece of this market as quickly as possible, many developers ended up creating applications with data security capabilities not strong enough to withstand attacks or that could easily be reverse engineered to exploit sensitive information, lead to the theft of intellectual property or damage corporate reputations.

The study revealed that 92 percent of the top paid applications for iOS devices and 100 percent of the top Android apps have been hacked. Forty percent and 80 percent of popular free apps for iOS and Android, respectively, have also been hacked. These compromised solutions were not limited to certain industries, as they impacted a wide range of verticals, including gaming, financial services, entertainment, healthcare and business tools.

"The traditional approaches to application security such as secure software development practices and vulnerability scanning cannot address the new hacking patterns that we identified," Alanen said. "The findings call for new approaches for mobile app owners to build protections directly inside their apps to withstand these new attacks."

Arxan Technologies recommends companies make data protection on mobile applications a strategic priority, especially for solutions that deal with financial transactions, confidential information and sensitive intellectual property.

A separate report by TechRepublic confirmed the importance of deploying only protected mobile applications. IT departments should regularly test and certify apps with each platform the solutions are intended to be used on. Since this process can be expensive for each application and device combination, decision-makers should narrow the list acceptable tools, making it easier to manage security during the consumerization of IT.

Companies also need to be adamant about regularly updating applications with their corresponding patches and upgrades, as these are intended to strengthen the solution's perimeters and make it less likely to fall victim to an attack, TechRepublic noted.

In addition to hacking, the BYOD (bring your own device) phenomenon introduces several potential vulnerabilities that could lead to the loss of important information. These concerns are often associated with the mismanagement and the loss of devices, TechRepublic said. Enterprises should have remote wiping capabilities in place should these situations ever occur, as this will allow IT departments to erase all sensitive data stored on the platform.

As the consumerization of IT continues to disrupt the enterprises, IT decision-makers need to be prepared for new, advanced dangers that may not have been around several years ago. The only way to survive the evolving threat landscape is to adapt.

Consumerization News from SimplySecurity.com by Trend Micro

Related posts:

  1. Mobile social media apps lack security, study finds
  2. Majority of IT pros eyeing cloud-based storage, study finds
  3. 15 Million T-Mobile Users Compromised – What it Means for You
  4. Mobile security catching on, study reveals

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.